Digital Forensics and Incident Response Engineer - Herts


If you want to work for an organisation that believes in development and training from day one and has some of the UK’s top 10% talent within its business, this could be where your next career move is heading. My client is a FTSE 100 company with a fantastic technology centre where security bleeds through the business and is a high priority.

They are looking to hire a Digital Forensics and Incident Response Engineer who will cover three key areas: host forensics, memory forensics and network forensics. You will be the go-to person within the business for on-going forensic incident response as part of the technology security team, where threats are identified and you contribute to lead response and investigation required to obtain all of the facts.

What does a typical day look like?

It involves working closely with security teams, responding to incident tickets and alerts, aiding investigations and continually improving their response, detection and prevention processes.

Skills & experience required:

• You will need to have demonstrated experience of Digital Forensic and Incident Response Investigations.
• Experience of evidence and artefact acquisition, both via physical and remote methods.
• Understanding of file system fundamentals, e.g. NTFS, FAT, ext2, ext4 etc.
• Experience with forensic toolsets such as EnCase, X-Ways, IEF, Autopsy, or equivalents.
• Understanding of anti-forensic techniques.
• Timeline analysis.
• Technical understanding of memory management concepts.
• Experience with memory analysis frameworks such as Volatility or Rekall.
• Understanding of modern attacker tools and techniques.
• Understanding of network protocols including the seven-layer and TCP/IP network models.
• Proficient in IDS analysis, including creation of network signatures.
• Experience with conducting Static and Dynamic Analysis of malicious files.
• Experience of safe handling of malicious files and operational security.
• Understanding of Sandbox technologies and the limitations they face.
• Knowledge of Microsoft Windows operating system internals; knowledge of Unix and Mac operating system internals would also be desirable.
• Proficient in creating signature detection for malicious files.

Any of the following certifications would be advantageous but not essential: